20 




FIG. 2 




FIG. 3 



QUESTIONS ARE POSED TO 
PARTY TYPING A RISK EVENT 



Block A 



EVENT TYPER RECEIVES 
ANSWERS TO THE QUESTIONS 



Block B 



EVENT TYPER MAPS ANSWERS TO 
LISTS OF POSSIBLE EVENT TYPES 
(ONE ANSWER PER QUESTION, 
ONE LIST PER ANSWER) 



Block C 



FUNCTIONAL RESULT IS ONE OR 
MORE EVENT TYPES IS ASSIGNED 
TO THE EVENT 



Block D 



ACTION IS TAKEN BASED ON ONE 
OR MORE EVENT TYPINGS 
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Decision Mappings of COR "Event Typer" : 
Question 1 



Theft/Fraud ( externa l) 
Theft/Fraud (external) 
Theft/Fraud (externa]) 
theft/Fraud (externalf 
Theft/Fraud (external) 
Theft/Fraud (internal) 
The ft/Frau d (internal) 

* Una uthorize d Trading 

Information Security 

Personal Safety 

Personal Safet y 

• Personal Safety 
■Personal Safety 
Employee Relations 
piversity/piscri minatio n 
i P^S^P'scnni [nation 
Natural Disaster 
Natural Disaster 
T®JI9rL s . rn / Political 
Malicious Damage 
Malicious Damage 
Malicio us Dam age 
Malicious Damage 
Malicious Damage 
Malicious Damage^ 
Malicious Dam age 

Disclosure, Suitability & Fi duciary "~ 
Improper Business Pract ices (by firm) 
Improper Business P rac t ices (by firm )_ 
: Improper .Business Practices (b y firm ) 
Improper Business Practices (as victim) 
Tax Vi olat ion 
Advisory Activities 
Sponsorship & Selection 
Regulatory Monitoring Reporting 
Transaction Processing 
Client Account Error 
System Failure 
Vendor Dispute 



j Employee (External) 
j External Person / Anybody 
J Client 
Partn ?[uPj?ry ent y, r er^ 
; Unknown 

i Employee (Internal) 

' Employee {jntemsri) w/Confederates 

H acker 

.Employee (Internal) 
J External Person / Anybody 

Client 

Unknown 

Employee (Internal) 



— r 



Employee (internal) w^Conjederates 
| Ex ternal Force (Natural) 
^External ForceJ|nfrastructurej 
terrorist/ Activist 
.Employee (Internal) _ 
[Employee (Internal) w/Confederates 
EmployeejExternal) 
External Person / Anybody 
Client 

jPartner, Co-Venturer 
Hacker 

Employee ([nternalj 

• Employee (Internal) 
|Employee (Internal) w/Confederates 
^ient 

? Employee (External) 

! Employee ([nternal) 

' Employee (Internal) 

Employee (Internal) 
j Employee (Internal) 
'Employee (Internal) 
,-Employee {Internal) 

Computer or Data System 

* Employee ^External) _ 



Decision Mappings of COR "Event Typer" : 
Question 2 



Event:! 



Theft/Fraud (external) 
Theft/Fraud (internal) 
Unauthorized Trading 
Information Secu rity 

' n (9!IP^[2. n ^ e .9 Hil^L- 
i 'Q^OfiJiation Security 

. Personal Safet y 
Employee R elations 
'Diversit y/Discrim ination 

» Natural Disaster 

Terrorism / Political 
Terrorism / Political 

Malicious Damage 

Disclosure, Suitability & Fiduciary 
I mproper Business Practices (by f irm) 
^Improper Business Practices (a s victim) 
Tax Violation 
Advisory Actiyites 
j Sponsorship & Se lection^ 
IR ®9jJj9lory.Mon]toring7 Reporting^ 
Transaction Processing 
Client Account Error 
System Failure 
Vendor Dispute 



! Personal Benefit 
Personal Benefit 



1 Personal Benefit 
•Personal Benefit 

Non-Financial Personal Benefit / Motive 

{Benefit to Another Firm 

jNo Benefit Intended / Mistake 

[Benefit to Firm 

Non-Financial Personal Benefit / Motive 

NP Benefit Intended / Mistake 

Personal Benefit 



; Non-F inancial Personal Benefit / Motive 
jNon-Financial Personal Benefit / Motive 
[Benefit to Firm 



j Benefit to Firm 

'Be nefit to Another Firm 

j Benefit to Firm 
^Benefit to Firm 

Benefit to Firm 

; No Benefit Intended / M istake 
No Jenefit Intended /"Mistake 
No Benefit Intended / Mistake 



J No Benefit Intended / Mistake 
[Benefit to Firm 



Decision Mappings of COR "Event Typer" : 
Question 3 



Theft/Fraud (external) 

;TheR/Fraud (external) 

The ft/Fraud (exVemair " 

Theft/Fra ud (interna l) 

Theft/F raud (intern al) 

Theft/ Fraud (internal) 

Unauthorized Trading 

Information Security 

Information Security 

Information Security 

Personal Safety 

PersonaJ Safety 

Personal Safety 

Employee R elations ' 
? Diversity/Di scri mination 

Diversity/Discrimination ^ 

Diversity/Discrimination 
Natural Disaster 
Natural Disaster 
. Natural Disaster 
Natural Disaster 
Terrorism / Political 
Terrorism / Political 
Terrorism / Political 
Terrorism . / PoiitrcaJ 
I Malicious DajTiage 
'Malicious Damage^ 
Malicious Damage 
Malicious Damage 
Malicious Damage 
Disclosure, Suitability & Fiduciary 
Improper Business Practices (by firm) 
Improper B usi ness Practices (by firm) 
Improper Business Practices (by firm) 
Improper Busjness Practices (by firm) 
Improper Business Practices (by firm) 
Improper Business Practices (by firm) 
Improper Business Practices (as victim) 
Tax Violation 
Advisory Activities 
Sponsorship & Selection^ 
Regulatory Monitoring / Reporting 
Regulatory Monitoring / Reporting 
Transaction Processing 
Transaction Processing 
Transaction Processing 
Client Account Error 
System Failure 
System Failure 
System Failure 

Vendor Dispute " ~~ 

Vendor Dispute 



Firm / Shareholders 

Client 1 
fAno ther F irm 
! F irm / S hareholders 
! Client 

[Member of General Public / Anybody 
[Firm / Shareholders 
JFirm / Shareholders 

Employee 

Ci ient 

Employee 

Client w " ~ ' 

Mem ber of Gen eral Public / Anybody 



Employee 
(Employee 
[Client 



Me m ber of General Public / Anybody 

. Fi rm / Shareholders 

j Em ployee 

jClient 
TMultiple 

Fir m / Shar eholders 

Employee 
^Cljent 

^uJtipTe 

Fjrm / Shareholders 
Employee 
'Client 

Member of General Public / Anybody 
jyijultiple 
Tciient 

iFirm / Sha reho lders 
^Employee 
J Client _Z~_~ 
Another Firm 

!Men^wof General Public / An ybody 
] Regulatory 7 Publi c or Gov ernmental 
JFirm / Shareholders 



Interest 
Interest 



I Regulatory / Public or Governmental 
•Ciient 
i Firm / Sh areholders 
I Membe r of General Public / Anybody 
jRegulatoryJ Public orJ3ov^nmental Interest 
*Firm / Shareholders 

.Client^J" 
j Another Firm 

Client 



Firm / Shareholders 



Client 

Another Firm 
firm I Shareholders 
Another Firm 



Decision Mappings of COR "Event Typer" : 
Question 4 



EventTjype: 



Theft/Fraud (externa^ 
Theft/Fraud (external) _ 
Theft/Fraud (external) 
Theft/Fraud (external) 
Theft/Fraud (external) 
Theft/Fraud (internal) 

Theft/Fraud (internal) 
Theft/Fraud (internal) 
Unauthorized Trading 
Information Security 
Information Security 
Information Security _ 
Personal Safety 
"■ Employee Rela tions 
Employee Relations 
Diversity/Discrimination 
Diversity/Discrimination 
Natural Disaster 
Natural Disaster 
Natura[ Disaster 
Natural Disaster 
Natural Disaster 
Natural Disaster 
Terrorism / Political 
Terrorism / Political 
Terrorism / P olitica l 
Terrorism / Political 



Terrorism / Politica] 
Terrorism / Polit ical 
Terrorism / Political 
Terrorism / Political 
Malicious Damage^ 
Malicious Damage 
Malicious Damage 
Disclosure, Suitability & Fiduciary 



Improper Business Practices (by firm) 
Improper Business Practices (b y firm ) 
Improper Business Practices (by Jrm) 
Improper Business Practices (by firm) 
Improper Business Practices (by firm) 
Improper Business Practices (by firm) 
^ProeHL^^^s Praotices (as victim) 
Improper Business Practices ( as victim ) 
Improper Business Practices (as v ictim ) 



I Financial (direct) 

^^JPS^^^^. to client "i ' 3rd Party) 
Trading / Market impact 
* Physical I njury 

Physical or Intellectual Property Loss / Damage 



i 



Financial (direct) 

^Rnanciai (indirect, to client / 3rd Party) 
| Ph ysical or Intellectual Property Loss / Damage 
! Fine 7 Penalty 

j Fina ncial (direct) 

t Financial (indi rect, to client / 3rd Party) 

jHuman, Personal, Privacy lights 

! Physical Injury 

j Fin ancial (direct) _ 

.Financial (indirect, to client / 3rd Party) 

Phy sical In jury 

Human, Personal, Privacy Rights 
Fina ncial ( indirect, to client / 3rd Party) 
Trading / Market Impact 

^Physical Injury 

Physical or Intellectual Property Loss / Damage 
'Failed Recourse 
iMi^r^ 

j Financial (direct) 

jFinancial (indirect, to client / 3rd Party) 
Trading / Market Impact 
> Ph ysical Injury 

_|JHuman , Personal^ Privacy ^ 
I Physical or Intell^ Loss / Damage 

Failed Recourse 



[Multiple 

jFinancial (direct^ 



^Financial (indi rect, to client / 3rd Party) 
'Physical qM^ 

Financial (indirect, to client / 3rd Party) 

Financial (indirect, to client / 3rd Party) 
Trading / Market Impact 

H uman, Personal, Privacy Rights 
[Physical or I ntellectual Property Loss / Damage 
i Fine / Penalty 
JFinancial (direct) 
Trading / Market Impact 
^Physical or [ntelle^^ / Damage 



Fit. GO 



Decision Mappings of COR "Event Typer" : 
Question 4 (part II) 



Event-Type: 



Tax Violation 
Tax Violation 
Tax Violation 
Advisory Activities 
Sponsorship & Selection 
: Spo nsorship & Selection 
Regulatory Monitoring / Reporting 
: Transaction Processjng 
< Transacti o n Pr oc essing 
Transa ction Proce ssing 
Transaction Processing 
Transaction Processing 
. Client Account Error 
System Failure 
System Failure 
System Failure 
System JFailure^ 
Vendor Dispute 



Financia l (direct) 



Fine / Penalty 



Multiple 

Financial (indirect, to client / 3rd F'arty) 
j Fine / Penalty 
| Fa iled Recourse 
jFine / Penajty^ 



j Financial (direct) 

financial (indirect, to client / 3rd Party) 

Trading / Market Impact 
jFajled Recourse 

\ Multiple 

^Financial (indirect, to client / 3rd Party) 
[ Fin ancial (direct) 

^Financial (indirect, to cjient / 3rd Party) 

ifrading / Markeympact 

(Multiple 

[Financial (indirect, to client/ 3rd Party) 



Decision Mappings of COR "Event Typer" : 
Question 5 



Theft/Fraud (external) 
Theft/Fraud (external) 
Theft/Fraud (external) 
Theft/Fraud (external) 
Theft/Fraud (external) 
TheWFraudj(internalj 
•Theft/Fraud (internal) 
TheWFraud {internal) 
Theftf Fraud (interna!) 
Theft/Fraud (internal) 
Unauthorized Trading 
Unauthorized Trading 
Unauthorized Trading 
Information Security 
Information Jiecurity 
Information Security 
Personal Safety 
Personal Safety 
Employee Re lati ons 
Diversity/Discrimination 
Diversity/Discrjmination 
Diversity/Discrimination 
Diversity/Discrimination 
Natural Disaster 
Natural Disaster 
Natural Disaster 
Terrorism / Political 
Terrorism / Political 
Terrorism / Political 
Malicious Damage 
Malicious Damage 
Malicious Damage 
Malicious Damage 
Malicious Damage 
Malicious Damage 
• Malicious Damage 
Malicious Damage 
Disclosure, Suitability & Fiduciary 
Disclosure, Suitability & Fiduciary 



Ordinajy Co^tractu^ 

Member of General Public / Ordinary Citizen 



Not Sure / Not Applicable 
^Employee Conductinglntemal, Non-Fiduciay Task 
Ijnv Manager /J^Mj^ar)^/ Trustee / Duty of Care 
• Not Sure / Not A pplicable 
^Ordinary Contractual / Commercial Counterparty 
Inv Manager / Fiduciary / Trustee / Duty of Care 
Member of General Public / Ordinary Citizen 
Employee Conducting Internal, Non-Fiduciay Task 
Member of General Public / Ordinary Citizen 
Briptoyee Conduc^ingjnternal, Non-Fiduciay Task 
'Not Sure / Not Applicable 
Member of General Public / Ordinary Citizen 



Not S ure / Not Applicable 



Employee Conducting Internal, Non-Fiduciay Task 
Member of General Public / Ordinary Citizen 
| Not Sure / Not Applicable 
(Employer 

^Member of General Public / Ordinary Citizen 
(Employee ^Conducting Internal, Non-Fiduciay Task 
Ordinary Contractual / Commercial Counterparty 
Employer 

Mem ber of General Public / Ordinary Citizen 
No Role or Responsibility 
Not Sure / Not Applicable 

Emplo yee C onducting Internal, Non-Fiduciay Task 
Member of General Public / Ordinary Citizen 
; Not Sure / Not Applicable 
Not Sure / Not Applicable 



Member of General Publicjl ^P£dinary Citizen 
Vicarious Responsibility for employee, agent, etc 
Party to Specifically Negotiated Contract " 
Employee C onductin g internal, Non-Fiduciay task 



Improper Business Pr actices ( by firm) 
Improper Business Practices (by firm) 
Improper Business Praj^ices (by firm) 
Improper Business practices (by firm) 
Improper Business Practices (by firm) 
Improper Business Practices (as victim) 
'mprqp^r^usmess Pjact|ces (as victim) 
Improper Business Practices (as victim) 



.J!/™ Mana 9 er _( FWii^jQf/Trustee / Du *y of Care 

_ Ordinary Contractual / Commercial Counterparty 
[Under Duty to Disclose / Offer Suitable Deals 
! Inv Manager / Fiduciary / Trustee / Duty of Care 
Under D^ Deals 
_ ■ M ember of General Public / Ordinary Citizen 
Ordinary Contractual / Commercial Counterparty 
PartyJ^ 0 Specifically Negotiated Contract 
J^?i? ure 'Not Applicable ~ 
Employee Conducting Internal, Non-Fiduciay Task 
j Ordi nary Contractual / Commercial I Counterparty 
, Part y to Specifically NegotTated I Contract 
.JNpt Sure /Not Applicable ~ 



Decision Mappings of COR "Event Typer" : 
Question 5 (part II) 



Tax Violation J^Sure / N ot Applicable 

Tax Violation j Member of General Public / Ordinary Citizen 

Advisory Activities _ jl nv Manager / F iduciary / Trustee / Duty of Care 

Advisory Activities Party to Specifical I ly Negotiated Contract 

Advisory Actiyrties ^ j Ordinary Contractual / Commer cial Counterparty 

Sponsorship & Selection _ j Em ployee C ond ucting Internal, Non-Fiduciay Task 

Regulatory Monitoring / Reporting j Under Duty to Di sclose / Offe r Suitable Deals 

Regulatory Monit orin g / Reporting j Ordina ry Contractual / Comme rcial C ounterparty 

Regulatory Monitoring / Reporting ^mployee Conducting Internal, Nqn-Fiduciay Task 

Regulatory Monitoring / Re portin g Vicarious Responsibility for employee, agent, etc 

I Regulatory Monitoring / Reporting Not Sure / Not Appjicabie 

f ransaction Processing Em^ Internal, Non-Fiduciay Task 

Transaction Processing Oj;din^ Cq^ntractual / Commercial Counterparty 

Transaction Processing Party to Specifically Negotiated Contract 

Client Account Error Employee Conducting Internal, Non-Fiduciay Task 

System Failure j Mem ber of General Public / Or dinary Citizen 

System Faijure |Not Sure / Not Applicable 

System Faijure | No Role or Responsibility 

System Faijure ' 1 Party to Specifically Negotiated Contract 

System Failure ^!I!I^Yi?? ^ Non-Fiduciay Task 

System Failure Ordinar y Con t ractual / Commercial Counterparty 

System Failure Inv Manager / Fiduc iary / frustee / Duty of Care 

Vendor Dispute [ Ordin ary Cont ractual / Comm ercial Counterparty 

Vendor Dispute _j Party to Spe^caNy Negotiated Contract 



